Kong
init.lua:553: error parsing declarative config file /home/kong/kong.yml (with docker images :: v2.8.1 and v2.8.5)
Is there an existing issue for this?
- [x] I have searched the existing issues
Kong version ($ kong version)
2.8.1 (recommended in the Supabase docker-compose.yml
Hello Friends:
- My environment:
- Fedora-41
- Podman v5.4.1 (not docker)
- kong image: v2.8.1 (as configured in the Supabase stack)
- user$ docker run -it docker.io/library/kong:2.8.1 kong version
2.8.1 --OR--
- user$ docker run -it docker.io/library/kong:2.8.5 kong version
2.8.5
When kong starts up using either:
user$ podman-compose -f ./docker-compose.yml up -d # All Supabase services, including kong.
user$ podman-compose -f ./docker-compose.yml up -d kong # Only kong and services that depend on it.
I get the following continuously, and it's container keeps restarting:
nginx: [error] init_by_lua error: /usr/local/share/lua/5.1/kong/init.lua:553: error parsing declarative config file /home/kong/kong.yml:
failed parsing declarative configuration: 31:5: did not find expected tag URI
stack traceback:
[C]: in function 'error'
/usr/local/share/lua/5.1/kong/init.lua:553: in function 'init'
init_by_lua:3: in main chunk
I believe that the file it's complaining about is this one, though I'm unsure:
- https://github.com/supabase/supabase/tree/master/docker/
General Supabase docker configs - https://github.com/supabase/supabase/blob/master/docker/volumes/api/kong.yml
<--- This one. - https://github.com/supabase/supabase/blob/master/docker/docker-compose.yml
Compose file
I tried everything I can think of and am at a loss. Any help would be greatly appreciated.
EDIT: Note that I subsequently tried the same with docker-ce (not podman) but that did not fix the issue. I didn't think it would, but wanted to be complete.
Thank you!
bash -c 'eval "echo "$$(cat ~/temp.yml)"" > ~/kong.yml && /docker-entrypoint.sh kong docker-start'
Seems like it's using a strange way to use config templates. Ensure the value of env DASHBOARD_PASSWORD does not break the yaml parser, or better, you should use a more robust way to templatize
@StarlightIbuki First, thank you for replying.
You hit the nail on the head because I noticed the same thing over the weekend. That docker-compose.yaml file, which in turns loads their kong.yaml file, were authored by Supabase (not me), and I too found the entrypoint: and volumes: entries odd (circuitous).
So, after posting this issue, I modified the docker-compose.yaml file at the locations marked below as <--- Here. More precisely, I simplified the loading of ./volumes/api/kong.yml (and if you compare before & after, you'll see this):
[ ... snip ... ]
kong:
container_name: supabase-kong
image: docker.io/kong:2.8.5
restart: unless-stopped
ports:
- 0.0.0.0:${KONG_HTTP_PORT}:8000/tcp
- 0.0.0.0:${KONG_HTTPS_PORT}:8443/tcp
volumes:
- ./volumes/api/kong.yml:/home/kong/kong.yml:ro,z # <--- Here.
depends_on:
analytics:
condition: service_healthy
environment:
KONG_DATABASE: "off"
KONG_DECLARATIVE_CONFIG: "/home/kong/kong.yml"
# https://github.com/supabase/cli/issues/14
KONG_DNS_ORDER: LAST,A,CNAME
KONG_PLUGINS: request-transformer,cors,key-auth,acl,basic-auth
KONG_NGINX_PROXY_PROXY_BUFFER_SIZE: 160k
KONG_NGINX_PROXY_PROXY_BUFFERS: 64 160k
SUPABASE_ANON_KEY: ${ANON_KEY}
SUPABASE_SERVICE_KEY: ${SERVICE_ROLE_KEY}
DASHBOARD_USERNAME: ${DASHBOARD_USERNAME}
DASHBOARD_PASSWORD: ${DASHBOARD_PASSWORD}
entrypoint: bash -c '/docker-entrypoint.sh kong docker-start' # <--- Here.
[ ... snip ... ]
While that seemingly (seemingly) got rid of the "parsing error" reported in this issue -- i.e., the container stays up and no longer restarts -- now, when attempting to log into Supabase through Kong, I get this:
Kong Error
Invalid authentication credentials.
And this remains true even when I hard-code these login credentials directly into, docker-compose.yaml, like this:
DASHBOARD_USERNAME: xxxx
DASHBOARD_PASSWORD: yyyy
versus reading from the .env file. So, while the container is no longer restarting, maybe parsing is still a problem? Any thoughts? Thank you!
EDIT:
When I connect to the running container, everything seems as expected:
user@docker-host$ docker exec -it supabase-kong /bin/bash
9d958072b927:/$ grep DASHBOARD_ /home/kong/kong.yml
username: $DASHBOARD_USERNAME
password: $DASHBOARD_PASSWORD
9d958072b927:/$ env | grep DASHBOARD_
DASHBOARD_USERNAME=supabase
DASHBOARD_PASSWORD=<redacted_pw>
9d958072b927:/$ exit
user@docker-host$
I can confirm that this is, indeed, problematic:
entrypoint: bash -c 'eval "echo \"$$(cat ~/temp.yml)\"" > ~/kong.yml && /docker-entrypoint.sh kong docker-start'
What is wants to do is take the in-guest /home/kong/temp.yml file (mounted via the docker volume: mapping), on-the-fly resolve all shell environment variables within it (b/c docker .env resolution isn't involved in this second pass), and finally write that output to /home/kong/kong.yml. But something in the syntax isn't working well.
This isn't a Kong issue.
This isn't a Kong issue.
No, this is not. Consider issuing a ticket to Supabase.
And this remains true even when I hard-code these login credentials directly into docker-compose.yaml
I took a closer look and found that the place you should hard-code the credential should be in the volumes/api/kong.yml, not the Docker file.
@StarlightIbuki Correct and, in fact, that's what ultimately had to do (hard-code it in the file you mentioned). I tried everything to get it to dynamically update then load, but that won't work. Because even when entrypoint the syntax is correct, Kong wants that file earlier in the process (I could see this in the logs).
I had created a ticket with the Supabase people and I'll leave it there.
Thanks for your help. ☺️ I'll close the ticket now.